WO2011000756A1 - Method for detecting an attempted attack, recording medium, and security processor for said method - Google Patents
Method for detecting an attempted attack, recording medium, and security processor for said method Download PDFInfo
- Publication number
- WO2011000756A1 WO2011000756A1 PCT/EP2010/058949 EP2010058949W WO2011000756A1 WO 2011000756 A1 WO2011000756 A1 WO 2011000756A1 EP 2010058949 W EP2010058949 W EP 2010058949W WO 2011000756 A1 WO2011000756 A1 WO 2011000756A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- attack
- processor
- concomitance
- events
- value
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Definitions
- the invention relates to a method for detecting an attempt to attack a security processor by the security processor itself.
- the invention also relates to an information recording medium and a security processor for the implementation of this method.
- Security processors are, generally, hardware components containing confidential information such as cryptographic keys or access rights that only legitimate users can use. To preserve the confidentiality of this information, they are designed to be as robust as possible against attack attempts by hackers.
- a security processor is a smart card equipped with an electronic processor.
- Security processors are subject to different types of attack. Some of these attacks are aimed at extracting or determining the confidential information contained in the security processor. For this purpose, a multitude of attacks have been developed. For example, some of these attacks seek abnormal operation of the security processor by processing messages built by hackers. Other more invasive methods seek to disrupt the operation of the security processor at key moments in its operation by changing its supply voltage or using a laser beam directed to the security processor.
- Card sharing is to decipher by the same security processor several encrypted control words from different receivers. As before, all these receivers can then descramble the scrambled multimedia content while only one of these receivers is entitled to access the content.
- the countermeasure is an action that aims to prevent the attack against the security processor from lasting or can not be fruitful.
- the difficulty is that events representative of an attempted attack may also occur in the absence of an attempted attack.
- it is necessary to avoid producing false detections of attempted attack because they can result in the untimely execution of countermeasures which then impede the legitimate user of the security processor.
- the predetermined threshold a value much higher than all the measurements that can be obtained in the absence of attack.
- the choice of a high predetermined threshold makes some attacks undetectable or slows the detection of an attack attempt.
- the invention aims to remedy this problem by proposing a method of detecting an attack attempt also comprising:
- the above method takes into account the temporal proximity between different events occurring in the security processor. This makes it possible to detect an attack attempt more quickly or to detect an attack attempt that could not be detected by observing the measurement of a single event. Indeed, taken individually, the measurement of each of these events may not be quickly representative of an attack attempt since these events occur during normal operation of the security processor. On the other hand, when these events occur almost concomitantly when normally they must occur independently of each other, this indicates, with a high degree of confidence, that an attempted attack takes place. The above method therefore allows the security processor to detect quickly and with a high degree of confidence that it is the victim of an attempted attack. The execution of the appropriate countermeasures can then be triggered more quickly.
- the value of the attack indicator is constructed from several indices of concomitance between different measured events and weighting the importance of these concomitance indices with respect to one another by means of a predetermined game weighting coefficients;
- the method comprises constructing a plurality of attack indicator values by using a plurality of different sets of weighting coefficients between the same concomitance indices, each set of weighting coefficients being predetermined to be more sensitive to a different attack attempt. those to which the other indicators are more sensitive;
- the weighting coefficient of the same concomitance index is the same in all the sets of weighting coefficients used to construct the different values of attack indicators
- the measurement of an event is limited to a sliding time window so as not to take into account events that occurred outside this time window, to establish that the events are concomitant in the measurement of this time window ;
- At least one of the events measured is the detection of a security processor operating error, each occurrence of which causes the security processor to stop the current processes and automatically reset itself to resume these processes from the beginning;
- weighting coefficients between the concomitance indices makes it possible to simply modify the sensitivity of the attack indicator constructed to a particular type of attack by modifying the value of these weighting coefficients.
- the use of several different sets of weighting coefficients makes it possible, from the same set of concomitance indices, to construct several attack indicators each dedicated to detecting a different attack attempt,
- the invention also relates to an information recording medium comprising instructions for executing the above method, when these instructions are executed by an electronic computer.
- the invention also relates to a security processor comprising:
- FIG. 1 is a schematic illustration of a scrambled multimedia content transmission system comprising a security processor
- FIG. 2 is a schematic illustration of a matrix of weighting coefficients used by the security processor of the system of FIG. 1,
- FIG. 3 is a schematic illustration of an alarm threshold table used by the security processor of FIG. 1
- FIG. 4 is a flowchart of a method for detecting an attempt to attack the security processor of the system of FIG. 1.
- Figure 1 shows a pay system broadcast content multimedia.
- system 2 is a system for broadcasting multiple scrambled TV channels. The descrambling of each of these television channels or group of television channels is conditioned to the payment of a subscription by subscribers.
- the terms "scramble” / "encrypt” and “unscramble” / “decipher” are considered synonymous.
- the system 2 comprises at least one transmitter 4 scrambled multimedia content and a multitude of receivers able to descramble the multimedia content broadcast by the transmitter 4. To simplify Figure 1, only a receiver 6 has been shown. For example, the other receptors are identical to the receiver 6.
- the receiver 6 is connected to the transmitter 4 via a network 8 long distance information transmission.
- the network 8 may be a wireless telecommunications network or a wired network such as the Internet.
- the transmitter 4 broadcasts multiplexed multimedia content with ECM (Entitlement Control Message) and EMM (Entitlement Management Message).
- ECM Entitlement Control Message
- EMM Entitlement Management Message
- Each ECM message comprises at least one CW * cryptogram of a CW control word for descrambling the scrambled multimedia content.
- the receiver 6 comprises a decoder 10 and a security processor 12 removably connected to the decoder 10.
- the decoder 10 comprises a receiver 14 of the data transmitted by the transmitter 4 connected to a demultiplexer 16.
- the demultiplexer 16 demultiplexes the received data and transmits the scrambled multimedia content to a descrambler 18 and ECM or EMM messages to the processor. security 12.
- the processor 12 receives the cryptogram CW * and decrypts the cryptogram to return the CW control word in clear to the descrambler 18. This decryption is only authorized if the access titles contained in the ECM message correspond to access rights stored in the security processor 12.
- the processor 12 is the processor of a smart card.
- the descrambler 18 descrambles the scrambled multimedia content using the CW control word decrypted by the security processor 12.
- the multimedia content descrambled is then, for example, displayed in clear on a screen 20 so that the displayed multimedia content is directly perceptible and comprehensible to the user.
- the processor 12 comprises an electronic computer 24 connected to sensors 26, 27 and a set 30 of registers.
- the sensor 26 comprises a voltage transducer capable of converting the supply voltage of the processor 12 into a digital data item that can be used by the computer 24.
- the sensor 27 comprises a light transducer capable of converting photons of a laser beam directed on the processor 12 into digital data that can be used by the computer 24.
- the assembly 30 comprises eleven registers referenced Co to C10.
- Each of the registers Ci to C10 is intended to contain a measurement of an event that can be triggered by an attempt to attack the processor 12.
- the measured events can also occur in the absence of an attempted attack. However, in the absence of attempted attacks these measured events occur independently of one another. Thus, it is likely that in the absence of an attempted attack, the measured events occur concomitantly. Concomitantly, it is meant that they occur during the same time window.
- a time window is associated with each measured event. This time window can have a finite duration or, on the contrary, infinite. In the case of a finite duration, this means that the events that occur outside this time window are not taken into account in the measurement of this event.
- a time window of finite duration is a sliding time window.
- This sliding time window has a finite duration that is shifted as time passes to take into account only the most recent events for the measurement of this event.
- An infinite duration means that all events are taken into account for the measurement since the measurement of this event was triggered.
- the measurement of an event consists in counting the number of times this event has occurred during the time window associated with this event.
- each of the registers contains a representative number of the number occurrences of the same event. Therefore, in the rest of this description, the registers Ci are called counters Cj.
- measured events There is a large number of measurable events. Typically, measured events fall into one of the following categories:
- the operating errors may be errors in the execution of the code of the operating system of the processor 12, the measurement by the sensors 26 or 27 of an abnormal situation, the discovery of an integrity error on processed data, ... etc.
- the processes in progress are interrupted and the processor 12 resets automatically.
- the counter Ci contains the number of times a command to consult the data of the processor 12 has been received. Indeed, a certain number of data contained in the processor 12 are freely available. For example, there are commands to consult the identification number of the processor 12 or the access rights stored in the processor 12. The receipt of a consultation command is therefore a normal event as long as it is occasional. On the other hand, enumeration of a large number of data look-up commands of the processor 12 over a short time interval can be caused by an attack attempt.
- the counter C2 indicates the presence of unusual rights registered in the processor 12.
- An unusual right is a right that the operator of the system 2 normally does not use. For example, most operators never enter a security entitlement for security processors longer than one year. Therefore, a right entered in the processor 12 whose validity is greater than one year, for example a right of infinite validity, is an unusual right even if this possibility is technically provided. Similarly, normally, the operator never enters a right allowing access and decryption of all multimedia contents in the security processors. Under these conditions, the registration of a right authorizing access to all these multimedia contents in the processor 12 is considered as an unusual right. Registration of a right Unusual in the processor 12 may come from an operator error but may also be representative of an attack attempt.
- the counter C3 counts the number of messages received by the processor 12 which have no functional utility for the processor.
- a message without any functional utility can be:
- a message deleting non-existent data for example: access code, (7) in the processor, or
- the counter C 4 counts the number of syntax errors in the messages transmitted to the processor 12, that is to say typically in the ECM and EMM messages transmitted to this processor. Indeed, the syntax or structure of ECM and EMM messages respects a predetermined grammar.
- the processor 12 can therefore detect these syntax errors and count them in the counter C 4 . Syntax errors can be caused by an operator error but also during an attack attempt.
- the counter C5 is a counter of replayed commands whereas they should not normally be replayed several times.
- the replay of an order consists of sending the same command several times to the security processor.
- the command may be a message for updating certain data stored in the processor 12.
- a replay of a message may be detected by the processor 12 by recording the date of the last update message.
- the counter Ce counts the number of integrity errors detected in the messages received by the processor 12.
- the messages received by the processor 12 contain data and a cryptographic redundancy of these data, which which allows the processor 12 to verify that there is no error in the received data.
- the redundancy on the data can be obtained by integrating in the message received a signature or a CRC ("Cyclic Redundancy Check") data contained in this message. Errors in the data contained in the message can be caused by disturbances during their transport in the network 8 or in the decoder 10. However, erroneous data are also used during an attack attempt.
- the counter C 7 counts the number of integrity errors on data contained in the processor 12.
- a certain number of data recorded in the processor 12 are associated with a cryptographic redundancy for verifying the integrity of the respective recorded data. Again, it may happen accidentally, for example following electromagnetic disturbances, that a data stored in the processor 12 is erroneous. However, the presence of erroneous data recorded in the processor 12 may also be representative of an attack attempt.
- the counter Cs counts the number of traps during the execution of the operating system code of the processor 12.
- a trap is an unwanted or erroneous jump of an instruction of the code executed by the processor 12 to another instruction. These traps in code execution can be detected by executing the same instructions twice on the same data. If the two executions of the code do not give the same result, it signals a diversion. Unintentional jumps of instructions in the code executed by the processor 12 can be caused by playing on the supply voltage of the processor 12 or by directing a laser beam towards this processor 12.
- the counter Cg count the number of times the data recovery procedure following a tear of the processor 12 is executed.
- the breakout of the processor 12 consists in removing, during operation, the processor 12 of the decoder 10 so that the power of the processor 12 is interrupted during data processing.
- the data recovery procedure makes it possible to restore, after such a power failure, the processor 12 in the state in which it was before this power failure.
- the processor 12 may be accidentally torn from the decoder 10. However, untimely power cuts to the processor 12 are also frequently used during an attack attempt to prevent the processor 12 from executing countermeasures.
- the counter C10 counts the number of times an abnormal supply voltage is measured by the cumulative sensor 26 to the number of times a laser beam is detected by the sensor 27.
- abnormal voltages and the presence of a laser beam are typical of an attempt to attack the processor 12.
- these sensors 26 and 27 can also detect an abnormal voltage or the presence of a laser beam accidentally following, for example, electromagnetic disturbances caused by a device near the processor 12 and this even in the absence of attempted attack.
- the powering on of the decoder 12 may result in the detection of an abnormal voltage by the sensor 26.
- the counter Co is distinguished from the previous counters since it counts an event that occurs only during normal operation of the processor 12 and can not be caused by an attack attempt.
- the event counted by the counter Co is the number of ECM and EMM messages correctly processed by the processor 12.
- the value of this counter Co is used to limit the time memory of some of the previous counters to a sliding time window of finite duration.
- the value of the counter Co is subtracted from the value of the counter Ci, where i> 0, and only the difference between these two counters, brought to zero if it is negative, is used in the calculation of a concomitance index as described below.
- the computer 24 is connected to a memory 32 containing the various data and instructions necessary for the operation of the processor 12.
- the memory 32 comprises:
- a matrix 36 of weighting coefficients and a table 38 of alert thresholds is shown.
- matrix 36 An example of matrix 36 is shown in more detail in FIG. 2.
- This matrix 36 contains as many columns as event counters that can be triggered by an attack attempt.
- the matrix 36 is thus a matrix with ten columns each associated with a counter Ci.
- the matrix 36 also contains nine lines associated, respectively, with the counters C2 to C10.
- each concomitance index is constructed in such a way that its value is all the higher when a large number of events measured by the counters Ci and Cj + 1, respectively, occurred near the same instant.
- each concurrency index QC j + i corresponds to the product of the values of the counters Ci and Cj + 1 at the same instant.
- the alert threshold table 38 illustrated in FIG. 3 comprises a first column containing four warning thresholds Si at S 4 . Each alert threshold is a numeric value and these alert thresholds are ranked in ascending order from top to bottom in table 38.
- the table 38 also contains a second column associating with each threshold If one or more countermeasures noted CMi. Countermeasures are actions performed by the security processor 12 which aim to make it more difficult to extract or determine the data contained in the processor 12 or the misuse of this processor 12.
- the countermeasures CMi associated with the threshold Si are less severe and less disabling for the processor user than those associated with the upper alert threshold Si + i.
- the higher the alert threshold If crossed, the higher the countermeasures CMi executed in response are severe.
- the countermeasures CMi consist in adding redundancy to the conditional branches of the code to be executed by the processor 12. For example, this redundancy is obtained by executing the conditional connection several times and checking that at each execution the result obtained is the same.
- the countermeasure CMi consists in adding in addition to the redundancy on the verification operations of the integrity of the processed data. For example, the integrity of the data is checked several times whereas if the threshold Si is not crossed, it is checked only once. It also consists of verifying the integrity of data whose integrity is not verified if the threshold Si is not crossed.
- the countermeasures CM 2 consist, for example, in adding restrictions on the possibilities of chaining instructions of the code executed by the processor 12. This can be obtained by forcing the processor 12 to execute a complete block of instructions without allowing interruption between the execution of the instructions of this block.
- the countermeasure CM 2 also consists in deleting certain previously authorized functions of the processor 12 when the threshold S 2 has not been crossed. For example, adding new services such as adding a new operator or subscription is prohibited. Access to the administrative functions of the processor 12 can also be prohibited if the threshold S 2 is crossed.
- the countermeasures CM3 consist in modifying the weighting coefficients present in the matrix 36 so that the upper threshold, that is to say S 4 , is easily and rapidly reached when events are measures.
- the sensitivity of the processor 12 to the detection of an attack attempt is increased.
- CM 3 countermeasures also include the systematic and duplicate verification of the integrity of each message received.
- Countermeasures CM 3 can also consist of strengthening the controls of the flow of execution. This may include running twice each portion of the executable code by the processor 12 and compare at the end of these two executions that the results obtained are the same. In case of discrepancy between the results obtained, the counter Ce is incremented.
- the countermeasures CM 4 consist in permanently invalidating the processor 12 so that it is permanently unusable. For example, for this purpose, the confidential information contained in the processor 12 is erased.
- the processor 12 In parallel with the normal operation of the processor 12, it also performs a method of detecting an attack attempt. For this purpose, during a step 50, it measures the events likely to be caused by an attempted attack. Here, this measure consists of counting in the counters C 1 the corresponding event.
- the processor 12 builds three attack indicators, respectively, h, I 2 and I 3 .
- the indicator h is designed to be more sensitive to laser disturbance attack attempts than the indicators I 2 and I 3 .
- a laser disruption attack is to direct a laser beam on the security processor to cause instruction jumps in the code executed by that processor at key moments in its execution. Key moments typically correspond to conditional branching.
- rrij j is the weighting coefficient whose value is contained in matrix 36.
- the indicator I 2 is designed to be more sensitive than the other two to the logical attacks.
- a logical attack is to look for a software flaw or an implementation error in the code executed by the processor 12 so as to obtain abnormal behavior of this processor. For example, the logical attack is to send a very large number of erroneous messages to the processor 12 all different from each other until one of these messages causes abnormal behavior of the processor 12.
- the value of the indicator I 2 is constructed using the following relation:
- I 2 mi, 2 CiC 3 + mi, 3 CiC 4 + m 3 , 3 C 3 C 4
- the indicator I 3 is designed to be more sensitive to differential power analysis (DPA) attempts.
- DPA differential power analysis
- a DPA is to send a large number of messages to the processor 12 to cause a large number of executions of the cryptographic algorithms on a large number of data different and to measure, in parallel, the current consumption of the processor 12. Then, by a statistical analysis on the data collected, it is possible to discover what are the values of the keys or confidential data stored in the processor 12.
- the indicator I 3 is constructed using the following relation:
- I3 ( 114.4C 4 Cs + m4.5C4C6 + ( 115.5CsCe.
- the value of these indicators is compared to the different alert thresholds recorded in the table 38 to detect an attempt to attack.
- the transmitter 4 transmits, for example by means of an EMM or ECM message, new values for the weighting coefficients. Then, during a step 62, the processor 12 receives this message and updates the values of the weighting coefficients contained in the matrix 36.
- the updating of the weighting coefficients makes it possible to easily modify the sensitivity of an indicator to a particular attack attempt.
- the processor 12 may comprise several different matrices of weighting coefficients. Each of these matrices can be used to calculate a respective attack indicator. This then makes it possible to assign to each concomitance index a different weighting coefficient as a function of the attack indicator constructed.
- the use of multiple weighting matrixes can also be useful for modifying the weighting matrix used when a new alert threshold is crossed.
- a single attack indicator can be constructed instead of several.
- alert thresholds associated with a particular attack indicator are therefore not necessarily the same as the alert thresholds associated with another attack indicator.
- the table 38 can also be replaced by a single alert threshold associated with countermeasures.
- One of the counters O can simply count the existence of an event without counting the number of occurrences of this event.
- the value of this counter is codable using a single information bit.
- the value of this existence counter can be associated with a time window of infinite or finite duration.
- the processor 12 may also include a temperature sensor.
- the concomitance index is not limited to the product of two measurements. For example, it may also be a product of more than two measurements. However, increasing the number of measurements multiplied between them also increases the size of the matrix of weighting coefficients.
- countermeasures may be executed in response to crossing an alert threshold by one of the attack indicators.
- other countermeasures may consist of modifying the cryptographic algorithm executed by the processor 12.
- a countermeasure may also consist of using or measuring new events to construct an attack indicator that was previously not not measured. For example, in response to crossing an alert threshold, the events measured by one of the sensors 26 or 27 can be counted whereas previously they were not.
- the computer 24 may be formed of one or more processors. For example, it may be formed of a processor with which a coprocessor is associated. The detection method can then be executed by both the processor and the co-processor.
- the measurement has been described here in the particular case where it is a question of counting the number of occurrences of an event.
- the measurement can also consist in recording in one of the registers the value of an event such as for example a value measured by one of the sensors 26 or 27.
- the value of the counters can also be decremented instead of being incremented as previously described.
- the architecture of the receiver 6 is here only illustrative of a particular situation.
- the descrambler 18 can also be removable.
- the descrambler and the security processor can be implemented without any degree of freedom in the decoder.
- the descrambler and the security processor may be in the form of a software component.
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MX2011013513A MX2011013513A (en) | 2009-06-29 | 2010-06-23 | Method for detecting an attempted attack, recording medium, and security processor for said method. |
EP10731487A EP2449497A1 (en) | 2009-06-29 | 2010-06-23 | Method for detecting an attempted attack, recording medium, and security processor for said method |
CN201080029645.8A CN102473209B (en) | 2009-06-29 | 2010-06-23 | The safe processor of the detection method of attack attempt, recording medium and adopting said method |
RU2012102988/08A RU2568298C2 (en) | 2009-06-29 | 2010-06-23 | Method to detect attack attempt, record medium and security processor for this method |
US13/378,709 US9600667B2 (en) | 2009-06-29 | 2010-06-23 | Method for detecting an attempted attack, recording medium, and security processor for said method |
BRPI1013816A BRPI1013816A2 (en) | 2009-06-29 | 2010-06-23 | method to detect attempted attack, registry, and security processor for this method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0954431A FR2947361B1 (en) | 2009-06-29 | 2009-06-29 | METHOD FOR DETECTING ATTACK ATTEMPT, RECORDING MEDIUM AND SECURITY PROCESSOR FOR SAID METHOD |
FR0954431 | 2009-06-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011000756A1 true WO2011000756A1 (en) | 2011-01-06 |
Family
ID=41508781
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2010/058949 WO2011000756A1 (en) | 2009-06-29 | 2010-06-23 | Method for detecting an attempted attack, recording medium, and security processor for said method |
Country Status (9)
Country | Link |
---|---|
US (1) | US9600667B2 (en) |
EP (1) | EP2449497A1 (en) |
CN (1) | CN102473209B (en) |
BR (1) | BRPI1013816A2 (en) |
FR (1) | FR2947361B1 (en) |
MX (1) | MX2011013513A (en) |
RU (1) | RU2568298C2 (en) |
TW (1) | TWI512519B (en) |
WO (1) | WO2011000756A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9503785B2 (en) | 2011-06-22 | 2016-11-22 | Nagrastar, Llc | Anti-splitter violation conditional key change |
US9392319B2 (en) * | 2013-03-15 | 2016-07-12 | Nagrastar Llc | Secure device profiling countermeasures |
CN103678709B (en) * | 2013-12-30 | 2017-02-22 | 中国科学院自动化研究所 | Recommendation system attack detection method based on time series data |
EP3270620A1 (en) * | 2016-07-13 | 2018-01-17 | Gemalto Sa | Method and devices for managing a secure element |
RU179302U1 (en) * | 2017-11-21 | 2018-05-07 | Александра Владимировна Харжевская | DEVICE OF DYNAMIC CONTROL OF PERFORMANCE OF SPECIAL COMPUTATIONS |
EP3663959B1 (en) | 2018-12-06 | 2021-08-11 | Mastercard International Incorporated | An integrated circuit, method and computer program |
US11848941B2 (en) * | 2020-09-02 | 2023-12-19 | Nxp B.V. | Collection of diagnostic information in a device |
CN115775419A (en) * | 2021-09-06 | 2023-03-10 | 华为技术有限公司 | Protection method, intelligent lock and computer readable storage medium |
US20240031391A1 (en) * | 2022-07-22 | 2024-01-25 | Semperis Technologies Inc. (US) | Attack path monitoring and risk mitigation in identity systems |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5533123A (en) * | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
EP1575293A1 (en) | 2004-03-11 | 2005-09-14 | Canal+ Technologies | Dynamic smart card management |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100381118B1 (en) * | 1994-04-18 | 2003-04-21 | 마쯔시다덴기산교 가부시키가이샤 | Method and system for prevention of illegal copy and install of information on optical recording media |
US6075884A (en) * | 1996-03-29 | 2000-06-13 | Sarnoff Corporation | Method and apparatus for training a neural network to learn and use fidelity metric as a control mechanism |
GB2365153A (en) * | 2000-01-28 | 2002-02-13 | Simon William Moore | Microprocessor resistant to power analysis with an alarm state |
EP1447976B1 (en) | 2003-02-12 | 2019-06-19 | Irdeto B.V. | Method of controlling descrambling of a plurality of program transport streams, receiver system and portable secure device |
US7681235B2 (en) * | 2003-05-19 | 2010-03-16 | Radware Ltd. | Dynamic network protection |
US8190731B2 (en) * | 2004-06-15 | 2012-05-29 | Alcatel Lucent | Network statistics processing device |
EP1612639A1 (en) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Method for detecting and reacting against possible attack to security enforcing operation performed by a cryptographic token or card |
JP4899442B2 (en) * | 2005-11-21 | 2012-03-21 | ソニー株式会社 | Information processing apparatus, information recording medium manufacturing apparatus, information recording medium and method, and computer program |
FR2907930B1 (en) | 2006-10-27 | 2009-02-13 | Viaccess Sa | METHOD FOR DETECTING ABNORMAL USE OF A SECURITY PROCESSOR |
-
2009
- 2009-06-29 FR FR0954431A patent/FR2947361B1/en active Active
-
2010
- 2010-06-23 WO PCT/EP2010/058949 patent/WO2011000756A1/en active Application Filing
- 2010-06-23 RU RU2012102988/08A patent/RU2568298C2/en active
- 2010-06-23 US US13/378,709 patent/US9600667B2/en active Active
- 2010-06-23 EP EP10731487A patent/EP2449497A1/en not_active Withdrawn
- 2010-06-23 TW TW099120485A patent/TWI512519B/en not_active IP Right Cessation
- 2010-06-23 CN CN201080029645.8A patent/CN102473209B/en not_active Expired - Fee Related
- 2010-06-23 BR BRPI1013816A patent/BRPI1013816A2/en not_active Application Discontinuation
- 2010-06-23 MX MX2011013513A patent/MX2011013513A/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5533123A (en) * | 1994-06-28 | 1996-07-02 | National Semiconductor Corporation | Programmable distributed personal security |
EP1575293A1 (en) | 2004-03-11 | 2005-09-14 | Canal+ Technologies | Dynamic smart card management |
Non-Patent Citations (2)
Title |
---|
"Functional model of a conditional access system", EBU REVIEW - TECHNICAL EUROPEAN BROADCASTING UNION, 21 December 1995 (1995-12-21) |
See also references of EP2449497A1 * |
Also Published As
Publication number | Publication date |
---|---|
RU2012102988A (en) | 2013-08-20 |
FR2947361B1 (en) | 2011-08-26 |
MX2011013513A (en) | 2012-04-20 |
BRPI1013816A2 (en) | 2016-04-12 |
CN102473209B (en) | 2016-04-13 |
TW201101090A (en) | 2011-01-01 |
TWI512519B (en) | 2015-12-11 |
FR2947361A1 (en) | 2010-12-31 |
RU2568298C2 (en) | 2015-11-20 |
US9600667B2 (en) | 2017-03-21 |
US20120096547A1 (en) | 2012-04-19 |
EP2449497A1 (en) | 2012-05-09 |
CN102473209A (en) | 2012-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011000756A1 (en) | Method for detecting an attempted attack, recording medium, and security processor for said method | |
US9646140B2 (en) | Method and apparatus for protecting online content by detecting noncompliant access patterns | |
EP1900211B1 (en) | Method and device for controlling access to encrypted data | |
EP2357783B1 (en) | Method for detecting potentially suspicious operation of an electronic device and corresponding electronic device | |
WO2008025900A1 (en) | Security processor and recording method and medium for configuring the behaviour of this processor | |
FR2983597A1 (en) | METHOD FOR DETECTING A DATA READ ERROR | |
CN102209266A (en) | Tracing unauthorized use of secure modules | |
FR3065607A1 (en) | METHOD FOR READING A VIDEO STREAM | |
EP3008905B1 (en) | Terminal identification method in a system for providing multimedia content | |
EP1353511B1 (en) | Access rights management process for television services | |
CN102890756A (en) | Media content generating method and device and media content playing method and device | |
EP1773055B1 (en) | Method for verification of content rights in a security module | |
EP3031000B1 (en) | Method of providing a licence in a system for providing multimedia contents | |
EP3380983B1 (en) | Method for the identification of security processors | |
WO2007006758A1 (en) | Method for detecting errors during initialization of an electronic appliance and apparatus therefor | |
EP2098073B1 (en) | Method for managing the number of visualisations, security processor and terminal for said method | |
WO2012055829A1 (en) | Method of receiving a multimedia content scrambled with the aid of control words and captcha | |
EP2304944B1 (en) | Method for protecting security data transmitted by a sending device to a receiving device | |
EP2356608B1 (en) | Method and device for diagnosing the first reception of an identifier, detection method, storage medium and computer software for said method | |
EP2172896A1 (en) | Value management method in a prepaid device | |
EP3391265A1 (en) | Method for generating a challenge word, electronic device, set value peripheral, and system implementing said method | |
FR2850228A1 (en) | Data processing software integrity ensuring method for receiving television pay-channel, involves verifying whether coding/decoding module has effectively received software using additional information inserted in message | |
WO2009083371A1 (en) | Method for securing a conditional connection, information carrier, software, secured system, and security processor for said method | |
WO2011086286A1 (en) | Method for updating a security processor, and corresponding system, computer program and security processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080029645.8 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10731487 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2619/MUMNP/2011 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010731487 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2011/013513 Country of ref document: MX |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13378709 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012102988 Country of ref document: RU |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: PI1013816 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: PI1013816 Country of ref document: BR Kind code of ref document: A2 Effective date: 20111216 |